Here is what I found that seems to work from http://adam.younglogic.com/2013/04/firewall-d-for-freeipa/
It only has to be run once...

cat >/etc/firewalld/services/kerberos.xml <<EOD
<?xml version="1.0" encoding="utf-8"?>
<service>
  <short>kerberos</short>
  <description>Kerberos</description>
  <port protocol="tcp" port="88"/>
  <port protocol="udp" port="88"/>
</service>
EOD

cat >/etc/firewalld/services/kpasswd.xml <<EOD
<?xml version="1.0" encoding="utf-8"?>
<service>
  <short>kpasswd</short>
  <description>kpasswd</description>
  <port protocol="tcp" port="464"/>
  <port protocol="udp" port="464"/>
</service>
EOD

cat >/etc/firewalld/services/ldap.xml <<EOD
<?xml version="1.0" encoding="utf-8"?>
<service>
  <short>ldap</short>
  <description>Lightweight Directory Access Protocol</description>
  <port protocol="tcp" port="389"/>
</service>
EOD

cat >/etc/firewalld/services/ldaps.xml <<EOD
<?xml version="1.0" encoding="utf-8"?>
<service>
  <short>ldaps</short>
  <description>Lightweight Directory Access Protocol over SSL</description>
  <port protocol="tcp" port="636"/>
</service>
EOD

firewall-cmd --permanent --zone=public --add-service=dns
firewall-cmd --permanent --zone=public --add-service=http
firewall-cmd --permanent --zone=public --add-service=https
firewall-cmd --permanent --zone=public --add-service=kerberos
firewall-cmd --permanent --zone=public --add-service=kpasswd
firewall-cmd --permanent --zone=public --add-service=ldap
firewall-cmd --permanent --zone=public --add-service=ldaps
firewall-cmd --permanent --zone=public --add-service=ntp
firewall-cmd --reload

On Tue, Aug 26, 2014 at 9:22 AM, Mark Heslin <mhes...@redhat.com> wrote:
> Hi Chris,
>
> Take a look at the attached snippet - it will walk you through configuring
> firewalld with named chains on RHEL 7. You don't have to use named chains,
> but it makes managing multiple chains cleaner. Do make sure you 'mask'
> iptables - only using 'disable' can still cause conflicts in some
> circumstances.
>
> This is extracted from the recently published reference architecture
> "Integrating OpenShift Enterprise with IdM in RHEL 7":
>
> https://access.redhat.com/articles/1155603 (The redhat.com links
> are not yet in place).
>
> The context here was for an IdM server, but I also used the same approach
> for the IdM replica and RHEL 7 clients.
>
> hth,
>
> -m
>
> On 08/25/2014 10:22 PM, Chris Whittle wrote:
> > I've got my server up and running great with one exception: every time I
> > reboot I have to log in and flush the iptables or nothing can connect.
> >
> > I've found a ton of fixes and none seem to work. I'm on FC20; does anyone
> > have experience with it and wouldn't mind helping?
>
> --
> Red Hat Reference Architectures
>
> Follow Us: https://twitter.com/RedHatRefArch
> Plus Us: https://plus.google.com/u/0/b/114152126783830728030/
> Like Us: https://www.facebook.com/rhrefarch
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go To http://freeipa.org for more info on the project
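The same firewalld setup as a data-driven, re-runnable script, added here as an example and not code from the thread or from FreeIPA. The function names, the SERVICE_DIR override and the "install" argument are assumptions for this illustration; firewalld itself reads service definitions from /etc/firewalld/services. Nothing touches the live system unless the script is invoked with "install", which is what lets the generated XML be inspected first.

```sh
#!/bin/sh
# Added example (not from the mail): generate the four custom firewalld
# service definitions Chris posted and open the IPA service set in a zone.

# write_firewalld_service DIR NAME DESCRIPTION PROTO/PORT...
# Writes DIR/NAME.xml in the same shape as the heredocs in the mail.
write_firewalld_service() {
    dir=$1 name=$2 desc=$3
    shift 3
    out="$dir/$name.xml"
    {
        printf '<?xml version="1.0" encoding="utf-8"?>\n<service>\n'
        printf '  <short>%s</short>\n' "$name"
        printf '  <description>%s</description>\n' "$desc"
        for spec in "$@"; do
            proto=${spec%%/*}   # "tcp/88" -> "tcp"
            port=${spec#*/}     # "tcp/88" -> "88"
            printf '  <port protocol="%s" port="%s"/>\n' "$proto" "$port"
        done
        printf '</service>\n'
    } >"$out"
    printf '%s\n' "$out"
}

# count_ports FILE: number of <port .../> entries in a generated definition,
# a cheap sanity check before anything is loaded into firewalld.
count_ports() {
    grep -c '<port protocol=' "$1"
}

# ipa_service_files DIR: the four services that have no built-in definition
# on the FC20-era firewalld in the thread (dns, http, https and ntp do).
ipa_service_files() {
    write_firewalld_service "$1" kerberos "Kerberos" tcp/88 udp/88
    write_firewalld_service "$1" kpasswd "kpasswd" tcp/464 udp/464
    write_firewalld_service "$1" ldap "Lightweight Directory Access Protocol" tcp/389
    write_firewalld_service "$1" ldaps "Lightweight Directory Access Protocol over SSL" tcp/636
}

# fw ARGS...: run firewall-cmd, or just print the command when it is not
# installed (e.g. on a workstation where the script is only being reviewed).
fw() {
    if command -v firewall-cmd >/dev/null 2>&1; then
        firewall-cmd "$@"
    else
        printf 'would run: firewall-cmd %s\n' "$*"
    fi
}

# open_ipa_services ZONE: permanently enable the IPA service set, reload,
# then list what the zone actually allows so the result can be reviewed.
open_ipa_services() {
    zone=${1:-public}
    for svc in dns http https kerberos kpasswd ldap ldaps ntp; do
        fw --permanent --zone="$zone" --add-service="$svc"
    done
    fw --reload
    fw --zone="$zone" --list-services
}

# Only modify the live system when explicitly asked:  sh firewall-ipa.sh install
if [ "${1:-}" = "install" ]; then
    ipa_service_files "${SERVICE_DIR:-/etc/firewalld/services}"
    open_ipa_services public
fi
```

Two practical notes: the final `--list-services` is the check worth keeping, since it shows what the zone really permits after the reload rather than what the script intended; and newer firewalld releases ship predefined FreeIPA service entries (see `firewall-cmd --get-services`), so on a current system you may only need the `--add-service` loop and none of the XML files.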